I'm seeing a lot of inconsistency in the funtion of the built-in smart card support in Sierra. I've been looking for a way to disable it to test some of the tokend solutions available, but there doesn't appear to be any way to disable it. Is anyone aware of a way to disable or override the build in smart card software?
Accepted Reply
I found the answer in the man page for SmartCardServices-legacy :
DISABLING NEW SMART CARD SUPPORT
It is possible to turn of the new tokens by setting the global preference:
sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array
com.apple.CryptoTokenKit.pivtoken
After writing that plist, all tokend solutions appear to work, some better than others.
Replies
I found the answer in the man page for SmartCardServices-legacy :
DISABLING NEW SMART CARD SUPPORT
It is possible to turn of the new tokens by setting the global preference:
sudo defaults write /Library/Preferences/com.apple.security.smartcard DisabledTokens -array
com.apple.CryptoTokenKit.pivtoken
After writing that plist, all tokend solutions appear to work, some better than others.
I run %security smartcards token -l
it returns "com.apple.CryptoTokenKit.pivtoken"
I have tried to run %security smartcards token -e com.apple.CrtpyoTokenKit.pivtoken
and receive Permission Denied!
I have also run sudo defaults write /Library/PReferences/com.apple.security.smartcard EnableTokens -array com.apple.CryptoTokenKit.pivtoken
I am prompted for the admin pw, it appears to run without issue.
However pivtoken still shows as disabled in both the System Report and when I run the -l command again.
Any help identifying what I may be missing would be appreciated.